Notices by muesli (fribbledom@mastodon.social), page 2

@kitsune_yasu

Well, yes, but also: if they really wanted security, they would have developed a secure solution, not handed out the key on a golden plate.

@kitsune_yasu

https://mastodon.social/@fribbledom/113851687163524158

@kitsune_yasu

There would have been a multitude of ways to actually improve their security:

an Oauth API, API tokens, token/PIN exchange on the printer's display and/or a QR-code, an actual LAN-only mode, manual certificate exchange, ... I'll stop here.

All of these solutions would be absolutely feasible, actually secure, and would not lock you out from using a third-party slicer. Their solution isn't about security at all, it's only about controlling their ecosystem.

@kitsune_yasu

It's not misleading at all. It's exactly what's happening: you can not use another slicer to send your job to the printer.

They're doing all this in the name of security and then offer a solution that literally ships their private key to everyone's desktop. It's been leaked by now. This entire situation is so ridiculously amateurish, I don't even know what to say.

@kitsune_yasu I didn't claim otherwise. But let's not pretend this has anything to do with security.

@M4x @buzigde

Their latest V-Core is a fantastic printer!

@raktatuk

They already told Orca to get lost. Read up on the news, it's even more ridiculous than we initially thought.

@tankgrrl @eletious

Of course, you can still skip future updates and take that entire machine offline... or rely on an SD card for your print jobs. Both feel like lousy workarounds to me.

@tankgrrl @eletious

Except that with the new firmware even the LAN-only mode requires the g-codes you want to print to get signed by Bambu first.

Can't wait for the next firmware upgrade 🤣

...and less than 24 hours later, the BambuConnect app has been de-obfuscated, including Bambu's private key to sign HTTP requests.

https://hastebin.skyra.pw/pufugimoye.js

So much for their laughable security claims.

@ttk

You will still be able to generate g-code with other slicers, but they won't be able to directly communicate with your printer. You will have to use their new proprietary app to send it to the machine. Even locally.

@steffo

Too early to make that move. Once we're closer to a monopoly, they'll pull that rug under our feet.

@lx

That's indeed a good alternative, even though I'd probably wait for the Prusa Core One which is about to be released at the end of this month.

... it ain't no lie, Bambu bye-bye-bye!

@Xzan

I apologize if I misunderstood that, but their blog post sadly isn't overly specific in that regard.

In some ways that would be even worse, because that would mean now you're supposed to not only run proprietary code on your printer, but also your on your desktop.

Alas, enough alternatives still out there.

@chewie

Maybe it would also help if half of the machine's features didn't depend on being online at all times 🙄

@bolli

With the X1E I'd probably block it from accessing the net altogether and keep printing over LAN.

@ElpasYou_2

Probably a company with a track record of supporting open standards & interfaces.

Check out Prusa, RatRig, Voron.

If you're looking for a specific model, I'm happy to help.

@micha @claudius

Exactly.